Hundreds Targeted in New Atomic macOS Stealer Campaign

Posted on By CWS

CrowdStrike warns of a spike in assaults aimed toward infecting macOS customers with a variant of the notorious Atomic macOS Stealer (AMOS) data stealer.

Between June and August, the cybercrime group Cookie Spider, which operates the AMOS malware-as-a-service (MaaS) enterprise, used malvertising to direct victims to fraudulent assist web sites and trick them into putting in the malware.

The marketing campaign, CrowdStrike says, focused customers who have been trying to find options to frequent macOS points, and relied on selling fraudulent commercials for web sites the place victims have been instructed to execute a malicious command on their techniques.

The command would fetch a Bash script from a distant server, to seize the sufferer’s password and obtain an executable from one other distant location.

Dubbed SHAMOS, the payload is a variant of AMOS that accommodates anti-VM checks to forestall execution in a sandboxed setting, and which might carry out reconnaissance and information assortment duties.

The malware searches the system for recordsdata that comprise credentials, information from Keychain, AppleNotes, browsers, and identified cryptocurrency wallets, and makes an attempt to exfiltrate them to a distant server, packed in a ZIP archive.

Moreover, SHAMOS can obtain and execute payloads, together with a botnet module and a faux Ledger Reside pockets software.

The malvertising marketing campaign focused customers in Canada, China, Colombia, Italy, Japan, Mexico, the US, the UK, and different international locations, however was not served to Russian customers.Commercial. Scroll to proceed studying.

CrowdStrike’s investigation revealed that the cybercriminals probably impersonated a reliable Australia-based electronics retailer of their Google Promoting profile.

“This marketing campaign underscores the recognition of malicious one-line set up instructions amongst eCrime actors. This method permits them to bypass Gatekeeper safety checks and set up the Mach-O executable immediately onto sufferer gadgets,” CrowdStrike notes.

Associated: Homebrew macOS Customers Focused With Info Stealer Malware

Associated: Excessive-Worth NPM Builders Compromised in New Phishing Marketing campaign

Associated: North Korean Hackers Goal macOS Customers

Associated: Digium Telephones Focused in Cybercrime Marketing campaign Geared toward VoIP Methods

Security Week News Tags:, , , , ,

Related Posts

Adobe Patches Critical Code Execution Bugs Security Week News
Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People Security Week News
Motors Theme Vulnerability Exploited to Hack WordPress Websites Security Week News
Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft Security Week News
Echo Raises $15M in Seed Funding for Vulnerability-Free Container Images Security Week News
Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities Security Week News